HA between physical and VM
I have 1 WAN in a pfSense VM. Planning on adding a physical pfSense box and making the VM the 2nd node in HA.
Do I need another NIC on each machine for heartbeat?
The heartbeats are on all interfaces. The sync interface is a third NIC. Note that syncing states only works if the interfaces are the same type: https://docs.netgate.com/pfsense/en/latest/book/highavailability/pfsync-overview.html#pfsync-and-physical-interfaces
The document states identical “hardware interfaces”. Does it need to be an identical NIC, or will an identical NIC chipset suffice?
If identical hardware really means the machine, having both nodes as VMs on different hosts should provide sufficient abstraction for pfsync to work.
Does it need to be an identical NIC, or will an identical NIC chipset suffice?
It has to use the same driver. Otherwise CARP will work for failover but firewall states won't sync so connections will drop.
There is a discussion in that area of the book about using LAGG groups across different hardware, but LAGGs have other downsides like not working with traffic shaping.
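
Added example, not part of the thread or of pfSense itself: a POSIX sh check for the same-driver condition described in the last reply, run against the interface assignments of both nodes before enabling state sync. The `role=ifname` input format and the sample assignments are constructed assumptions; the driver is derived from the FreeBSD interface name by dropping the unit number.

```shell
#!/bin/sh
# Compare the NIC driver behind each role (wan, lan, sync, ...) on two HA nodes.
# Input per node (assumed format): space-separated role=ifname pairs.

# FreeBSD names interfaces <driver><unit>: igb0 -> igb, vtnet1 -> vtnet.
driver_of() {
    ifname=${1%%.*}                       # drop a VLAN suffix such as ".10"
    printf '%s\n' "$ifname" | sed 's/[0-9]*$//'
}

# Print the interface assigned to role $1 in the pair list $2.
iface_for() {
    for pair in $2; do
        [ "${pair%%=*}" = "$1" ] && { printf '%s\n' "${pair#*=}"; return 0; }
    done
    return 1
}

# Print the roles whose driver differs between node A ($1) and node B ($2).
# A role missing on node B counts as a mismatch.
mismatched_roles() {
    out=""
    for pair in $1; do
        role=${pair%%=*}
        a=${pair#*=}
        b=$(iface_for "$role" "$2") || b=""
        if [ "$(driver_of "$a")" != "$(driver_of "$b")" ]; then
            out="${out:+$out }$role"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample: physical node with igb NICs, VM node with virtio NICs.
PHYS="wan=igb0 lan=igb1 sync=igb2"
VM="wan=vtnet0 lan=vtnet1 sync=vtnet2"

bad=$(mismatched_roles "$PHYS" "$VM")
if [ -n "$bad" ]; then
    echo "driver mismatch on: $bad"
    echo "CARP failover will work, but firewall states will not sync"
else
    echo "drivers match on all roles"
fi
```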